首页 > 安全 > 网站安全 >

Safe3通用asp防注入代码

2009-01-07

<% Copy Right By Safe3 www.safe3.cnif request.querystring<>"" then stopinjection(request.querystring)if request.Form<>"" then stopinjection(request.Form)if request.Cookies<>"" then stopinjection(r

<%

Copy Right By Safe3 www.safe3.cn
if request.querystring<>"" then stopinjection(request.querystring)
if request.Form<>"" then stopinjection(request.Form)
if request.Cookies<>"" then stopinjection(request.Cookies)
function stopinjection(values)
dim l_get, l_get2,n_get,regex,IP
for each n_get in values
for each l_get in values
l_get2 = values(l_get)
set regex = new regexp
regex.ignorecase = true
regex.global = true
regex.pattern = "(|;|*|declares|sands|sors|sunions|select|update|insert|../|..\)"
if regex.test(l_get2) then
IP=Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If IP = "" Then
IP=Request.ServerVariables("REMOTE_ADDR")
end if
slog("<br><br>操作IP: "&ip&"<br>操作时间: " & now() & "<br>操作页面:"&Request.ServerVariables("URL")&"<br>提交方式: "&Request.ServerVariables("Request_Method")&"<br>提交参数: "&l_get&"<br>提交数据: "&l_get2)
Response.Write "Illegal operation!"
Response.end
end if
set regex = nothing
next
next
end function

sub slog(logs)
dim toppath,fs,Ts,Errorlog
toppath = Server.Mappath("/log.htm")
Set fs = CreateObject("scripting.filesystemobject")
If Not Fs.FILEEXISTS(toppath) Then
Set Ts = fs.createtextfile(toppath, True)
Ts.close
end if
Set Ts= Fs.OpenTextFile(toppath,1)
Do While Not Ts.AtEndOfStream
Errorlog = Errorlog & Ts.ReadLine & chr(13) & chr(10)
loop
Ts.close
Errorlog =Errorlog & logs
Set Ts= Fs.OpenTextFile(toppath,2)
Ts.writeline (Errorlog)
Ts.Close
end sub
%>

相关文章
最新文章
热点推荐